So I am renting this server because I need to host some MySQL databases. I can ssh into the server but have no physical access to it. It's not currently running a firewall, which is not good security practice. I want to set up a firewall on it, but am afraid of locking myself out.
What is the usual way of setting up a firewall on a remote server without locking yourself out?
Haven't been here in a while, I know. I've been busy.
EDIT: P.S. This is a production server. I'll be doing this not during working hours, but if something happens that I can't fix overnight, I'm fired...
Last edited by metaschima; 04-18-2016 at 09:58 PM.
While you are testing, set up a cron job to clear your iptables rules every 30 mins or so.
What else is running on the server?
Do you want to restrict access to your MySQL by ip?
Otherwise, what do you hope to achieve with your firewall rules?
There are at least two ways of setting up a remote firewall without locking yourself out. One is to save the last known working firewall rules and then use an 'at' job to automatically restore them after a few minutes. That gives a short window to test the new rules and limits the possible lockout to the time until the at job. Another method is to use 'iptables-apply'. See the manual pages for either 'at' or 'iptables-apply'.
Thanks, that makes sense, an at or cron job would do it.
The server is running MySQL and Bittorrent Sync. That's about it. Then I need SSH access.
I did restrict MySQL access by IP only.
What do I want to achieve with the firewall rules? I guess since I'm only running these two services, it won't help much, will it? I'm just trying to secure the server.
I have disallowed root login to SSH. I'll disable unused services. Other ideas are welcome.
If you are afraid of locking yourself out when you're configuring the firewall, I suggest you use an excellent package named screen.
With screen you can have multiple terminals and your access to the server will be fine even if your connection is disrupted by a firewall rule.
screen or tmux can help you keep your workflow but it won't let you back in if you lock yourself out with the firewall. cron, at, or iptables-apply would be the way to let yourself back in.
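
The timed rollback suggested in the replies above (save the working rules, then restore them automatically unless the change is confirmed), as an added example that is not part of the thread. It uses a background timer in place of the 'at' job; the function name `apply_with_rollback`, the `IPT_SAVE`/`IPT_RESTORE` hook variables and the file names are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. IPT_SAVE and IPT_RESTORE are
# overridable hooks (an assumption of this sketch) to allow dry runs.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# apply_with_rollback NEW_RULES BACKUP TIMEOUT_SECONDS
# Reads one line from stdin; only "yes" keeps the new rules.
# Returns 0 = new rules kept, 1 = rolled back, 2 = nothing was changed.
apply_with_rollback() {
    new_rules=$1; backup=$2; timeout=$3
    fired="$backup.rolled-back"; rm -f "$fired"

    # 1. Snapshot the known-good rules. An empty snapshot would restore
    #    nothing, so refuse to continue without one.
    $IPT_SAVE > "$backup" || return 2
    [ -s "$backup" ] || { echo "empty snapshot, aborting" >&2; return 2; }

    # 2. Parse the new rules without committing them.
    $IPT_RESTORE --test < "$new_rules" || return 2

    # 3. Arm the watchdog. It ignores SIGHUP so it survives a dropped SSH
    #    session, and restores the snapshot when the timer expires.
    ( trap '' HUP; sleep "$timeout"
      $IPT_RESTORE < "$backup"; : > "$fired" ) </dev/null >/dev/null 2>&1 &
    watchdog=$!

    # 4. Load the new rules; if loading fails, roll back immediately.
    if ! $IPT_RESTORE < "$new_rules"; then
        kill "$watchdog" 2>/dev/null || true
        $IPT_RESTORE < "$backup"
        return 1
    fi

    # 5. The operator tests a NEW ssh login, then confirms here.
    printf 'Test a second SSH login, then type yes (%ss limit): ' "$timeout" >&2
    answer=
    read -r answer || true
    kill "$watchdog" 2>/dev/null || true
    # A "yes" that arrives after the watchdog already fired does not count.
    if [ "$answer" = "yes" ] && [ ! -e "$fired" ]; then
        return 0
    fi
    $IPT_RESTORE < "$backup"
    return 1
}

# Usage on the server, as root (file names are placeholders):
#   apply_with_rollback /root/rules.new /root/rules.good 120
```

Run it inside screen or tmux so the prompt survives a dropped connection; the watchdog restores the snapshot on its own either way.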